Ask stories

I am a big fan of Claude Opus as it has been very good at understanding feature requests and generally staying consistent with my codebase (completely written from scratch using Opus).

I've noticed recently that when I am using Opus at night (Eastern US), I am seeing it go down extreme rabbit holes on the same types of requests I am putting through on a regular basis. It is more likely to undertake refactors that break the code and then iterates on those errors in a sort of spiral. A request that would normally take 3-4 minutes will turn into a 10 minute adventure before I revert the changes, call out the mistake, and try again. It will happily admit the mistake, but the pattern seems to be consistent.

I haven't performed a like for like test and that would be interesting, but has anyone else noticed the same?

Hi folks! I have huge success on a prototype of this approach:

- Store all data as json

- App loads: load full json on a client

- Something changes by user - change json locally and every 10 seconds save whole json to backend as a single json file

- also every 10 seconds load the updated json from backend to client.

Yes, I know, parallel access problems, lack of schema, lack of db, using file to store. But how much it makes life easier and speed ups development at start! I am in this over 20 years, and I like dumb stupid solutions applied properly. Duct taping forever!

Hello HN! I am putting together a community-maintained directory of personal websites at <https://hnpwd.github.io/>. More details about the project can be found in the README at <https://github.com/hnpwd/hnpwd.github.io#readme>.

As you can see, the directory currently has only a handful of entries. I need your help to grow it. If you have a personal website, I would be glad if you shared it here. If your website is hosted on a web space where you have full control over its design and content, and if it has been well received in past HN discussions, I might add it to the directory. Just drop a link in the comments. Please let me know if you do not want your website to be included in the directory.

Also, I intend this to be a community maintained resource, so if you would like to join the GitHub project as a maintainer, please let me know either here or via the IRC link in the README.

By the way, see also 'Ask HN: Could you share your personal blog here?' - https://news.ycombinator.com/item?id=36575081 - July 2023 - (1014 points, 1940 comments). In this post, the scope is not restricted to blogs though. Any personal website is welcome, whether it is a blog, digital garden, personal wiki or something else entirely.

UPDATE: It is going to take a while to go through all the submissions and add them. If you'd like to help with the process, please send a PR directly to this project: https://github.com/hnpwd/hnpwd.github.io

Especially those who quit tech and went back from western countries to their (non-western) homeland, what do you do now? Are you happier than before? What are the reasons you left?

Countless voiceless people sit alone every day and have no one to talk to, people of all ages, who don't feel that they can join any local groups. So they sit on social media all day when they're not at work or school. How can we solve this?

In many currently active threads, members of the community are alluding to major productivity gains with more recent LLM models. I think it would be illuminating for all of us to hear what sorts of problem domains and lines of business these successes have occurred in.

A good example would be: "My team used Claude Code Opus 4.5 to build and ship an iOS fitness app that now has 10k paying users." This shows that the results of your process found paying customers.

Less helpful example would be: "My team is closing tickets faster than ever" or "I finally finished the novel I have been working on and my friends say it's great!" These are less interesting because they do not give us any insight into the market response.

I had the username @switzerland since 20.03.2006. Swiss tourism had another username since 17.10.2006. Now recently google gave my username away to swiss tourism without any notification. Their other username was fine for literally 20 years.

Worse, the app still showed my username for a long time meanwhile youtube.com/@Switzerland already showed that of swiss tourism (Schweiz Tourismus) and I was not aware of that. Hence, I lost it some months ago.

Why do I tell you? You might loose your username and you aren't even aware of it.

I am curious how people are doing RAG locally with minimal dependencies for internal code or complex documents?

Are you using a vector database, some type of semantic search, a knowledge graph, a hypergraph?

Inspired by the post that's on the front page as I write this [1] I'm interested to hear about who's using DuckDB in production and how.

We have a tool live that uses it and I'm quite happy so I'm both looking for interesting use cases from others but also to be honest I'm reasonably sure I've just identified today that DuckDB is leaking memory quite seriously [2] so I'm curious to hear if other people have noticed this or if it's maybe something that's not as relevant to others since people might be running DuckDB pipelines in ephemeral envs like lambdas etc. where a memory leak might not matter as much.

[1] https://news.ycombinator.com/item?id=46645176

[2] https://github.com/duckdb/duckdb/issues/20569

I'm playing around with an idea.

Before I go and setup a server.

This is just a prototype. Doesn't need to be fancy.

The audio will be coming from a mobile device, so maybe save to stream that is relayed which I can listen to from VLC?

Or maybe I save the files locally every 30 seconds, and add them to a output stream.

I'm new to audio streaming send and receiving.

GITST. Mobile device sends audio to local server which creates a stream I can connect to and listen.

Thanks

Doesn't matter what domain and how big or small.

I was using my online banking service to transfer money today, and in my country the transfer requires an SMS OTP (yes, I know SMS is terrible for security). I noticed that my Mac automatically filled in the SMS OTP that was sent to my iPhone, even though my iPhone was still locked.

The idea behind SMS OTP is that it proves you "have" the device. But in this case, as long as the device is nearby, my Mac can read and use the code without me unlocking the phone. I don't even need to touch the device. So the "possession" factor doesn’t really work the way it's supposed to.

It got me thinking, are there more examples where 2FA accidentally collapses into a single factor? Or where the two factors aren’t as independent as we assume?

I find this pretty interesting and want to look more into it, but a quick search hasn't turned up much. Does anyone know if people have already written about this?

Background: I manage an ecommerce website. Recent bot traffic is up. Most traffic can be traced to one or two IP addresses with hundreds of requests per day. These ip addresses don't have DNS records for reverse lookup, and when I map the requests in cloudflare, one address shows up as requesting from different data centers all over the US. What is going on here? Source IP example 173 . 245 . 58 . 0

Chicago, United States (ORD)

340 requests

San Jose, United States (SJC)

330 requests

Los Angeles, United States (LAX)

310 requests

Atlanta, United States (ATL)

310 requests

Dallas-Fort Worth, United States (DFW)

290 requests

Newark, United States (EWR)

280 requests

Washington, United States (IAD)

230 requests

Miami, United States (MIA)

210 requests

Boston, United States (BOS)

140 requests

Singapore, Singapore (SIN)

130 requests

Thanks for ideas.

I'm sure this will get some pushback, but I was wondering if anyone had resources on how to integrate traps/tar pits into websites, llm prompting via hidden text, pushing bad data to llms and the like.

I have found a few different types of recommended approaches, such as:

- https://hiddenlayer.com/innovation-hub/novel-universal-bypas...

- tHe SpONgeBoB MetHOd

- https://rnsaffn.com/poison3/

I'm looking for more or some guidance on how to combine methods to really create something noxious.

I'm struggling to get good image outputs from Gemini and ChatGPT for marketing email and social post images. Any tips?

I built a React hook for real-time voice conversations with Google's Gemini Live API and I'm confused why more people aren't doing this.

Gemini Live is capable - full-duplex audio (interrupt the AI mid-sentence), screen sharing so the AI sees what you're looking at, tool calling, built-in VAD. But using it from a browser is painful:

- Browser audio is 48kHz, Gemini wants 16kHz in and sends 24kHz out - PCM16 endianness conversions - Buffer management to avoid clicks and gaps - Keeping your API key out of client code

So I wrapped it into a single hook:

const { connect, transcripts, isConnected } = useGeminiLive({ proxyUrl: 'wss://your-project.supabase.co/functions/v1/gemini-live-proxy' });

Includes a Supabase Edge Function proxy, screen sharing, auto-reconnection, real-time transcription, full TypeScript.

GitHub: https://github.com/loffloff/gemini-live-react

Everyone builds voice AI with OpenAI's Realtime API, but Gemini Live is cheaper and screen sharing is underrated. Am I missing something?

Got hit with 3 of these yesterday.

Three HP ZBook Ultra G1a's all updated to Windows 11 25H2 yesterday and refused to progress past the boot screen.

The workaround patch for this issue is to long press the power button until it does a full reset, (20 seconds or so) and then get into the bios. Note that when you reconnect to power you should also connect a USB to Ethernet adapter.

This worked on 2 of the 3 affected devices I have.

On the third one, the only way to get into bios was to crack open the laptop, pull the battery, long press power for 20+ seconds, then reconnect.

Either way, once it lets you into the bios, go to Update System Bios > Check HP.Com for BIOS updates.

When you select this, the laptop goes black and reboots. You will then need to repeat the same process you used to get into the bios to get into the bios again, only this time it will tell you it needs to disable BDE if you have bitlocker enabled.

Then it will allow you to roll back the bios to 1.03.11. Do so.

Once the rollback is completed the laptop will boot normally.

I have reported this issue to HP Support, but wanted to share in case anyone else is dealing with the same issue. If it had only been 1 device I wouldn't have cared, but for 3 to get hit with the exact same issue at the exact same time when the exact same update with the exact same bios was applied, I figured that it would be useful for more people to know about it.

Hopefully this is somewhat helpful!

I made a tool that finds Gimkit game codes by requesting the check code endpoint with a random 6 digit integer on loop until it got a valid code or it got rate limited. If it stops when it gets rate limited, is it DOS?

I’ve been thinking about a parallel between cursor like IDEs and what health data unification might look like.

Today, my health “signal” is fragmented across: 1. Clinical records (EHR, labs, diagnoses, meds, doctor notes) 2. Wearables (sleep, HR, HRV, activity — high-frequency streams) 3. Life context (work schedule, stress proxies, travel, finances, routines)

What I want is something like an IDE for my body: all these sources show up as files, and when I ask a question, an agent retrieves the minimal relevant pieces and responds with citations + uncertainty.

“My resting HR is up this week — is it sleep, travel, training load, illness, or medication timing?” “After I started X medication, did my sleep/HRV trend change?”

This could also be proactive - obviously there are hard issues I'm sure - permissions, privacy, clinical safety, etc.

Curious for raw/critical feedback: Where does this analogy break, and what’s the hardest missing piece to make this real?

I'm curious to know if you've ever tried any low-code tools (e.g., OutSystems, Mendix, PowerApps, etc.). If not, why not? What are your top objections to those tools? If so, which ones have you tried and what did you think about them? Any thoughts about them becoming more AI-powered?

Hi HN,

I’ve noticed a recurring theme in many threads here: AI is powerful, but once you move past demos, token based pricing becomes expensive and hard to reason about.

We ran into this problem ourselves while building AI powered systems. Predicting costs, budgeting usage, and experimenting safely all got harder as workloads grew. So we built a small AI API platform for inference, aimed at early developers and small teams who want to integrate AI without constantly calculating token usage. The focus is on lower and more predictable costs rather than chasing the newest model.

This is still early, and I’m mainly posting to learn from others here. For people running AI in production, what’s been the hardest part to manage so far? Cost, predictability, performance, or something else?

I’d really appreciate any insights or experiences.

Curious what items under $100 have made your life better or any meaningful impact.

Revival of this [thread](https://news.ycombinator.com/item?id=23363396) from 6 years ago. Thought it would be fun to have new answers to this :)

I asked this back in 2022:

https://news.ycombinator.com/item?id=32723101

What's the latest this year?

I'm not looking for SUNO generated AI Music, that type of AI slop is cheap and easy. I'm looking amazing voice + instrumentation cloning paired with human creative input.

We’ve been experimenting with enterprise systems where the client fully owns the software, data, and governance — no lock-in, no surveillance incentives, no growth-driven design pressure.

The surprising part isn’t technical feasibility, it’s how many standard vendor assumptions break once retention and upsell are no longer the goal.

Curious if others here have seen similar shifts, or if this only works at small scale.

It has been 120 hours (5 days) since the internet shutdown in Iran began. While international phone calls have started working again, data remains blocked.

I am looking for technical solutions to establish resilient, long-term communication channels that can bypass such shutdowns. What are the most viable options for peer-to-peer messaging, mesh networks, or satellite-based solutions that don't rely on local ISP infrastructure?

I have been using Claude Code for DevOps style tasks like SSHing into servers, grepping logs, inspecting files, and querying databases

Overall it's been great. However, I find myself having to review every single command, a lot of which are repetitive. It still saves me a ton of time, but it's quickly becoming a bit tedious

I wish I could give the agent some more autonomy. Like giving it a list of pre-approved commands or actions that it is allowed to run over ssh

For example:

    OK: ls, grep, cat, tail
    Not OK: rm, mv, chmod, etc
    OK: SELECT queries
    Not OK: INSERT, DELETE, DROP, TRUNCATE

What setups have actually worked for you, and where do you draw the line between autonomy and risk?

I had an experience yesterday launching on Show HN that really threw me. The product triggered people's "privacy sense" immediately.

My first reaction was defensive. I took it personally. I thought: Do you really think I’m a scammer? I pour my soul into meticulously crafting products to delight users, not to trick them. Why would I trash all that effort and disrespect my own goals by doing something as stupid as stealing data? It felt insulting that people assumed malice when I was just trying to build something useful.

But after sitting with it, I realized those initial comments—the ones I wanted to dismiss as paranoia—were actually right. Not about me, but about the environment we operate in.

There are enough shady companies, data brokers, and bad actors out there who abuse user trust with impunity. We’ve all seen big corporations bury invasive tracking in their terms of service. As a builder, I don't operate in that world; I’m just focused on making things work. But for users, that betrayal is their baseline reality. They have been trained to expect the worst.

I realized I hadn’t factored that into the launch. I didn’t explicitly state "Your data remains yours" because to me, it was obvious. Why would I want your data? But in an industry that has systematically mined, stolen, and abused user boundaries for a decade, you can’t blame people for checking for the exits. They aren't being "ninnies"; they are being wise.

If I were using a new tool that had access to my workflow, I would want explicit assurance that my IP wasn't being siphoned off. I just forgot to view my own product through the lens of a weary stranger rather than the optimisitc builder who wrote the code.

This is especially true now because the landscape has changed. There was an old PG essay about how ideas are cheap and execution is everything. That’s shifting. AI has made execution cheap. That means ideas are prime again.

Because execution is distributed and fast, first-mover advantage, brand, and reputation matter more than ever. Your prompts and your workflow are your IP.

So, privacy isn't just a compliance box; it's a competitive requirement. I don't think we need full-NSA-level paranoia for every tool, but we do need to recognize the environment we are launching into. The "security purists" were right to push back: I didn't think about that aspect enough, and in 2025, trust is the only currency that matters.

I've got an email from Linkedin:

> ## colleagues from your company already solved LinkedIn puzzle games

Are you f%%n serious, Linkedin? This is a freaking spam from "Linkedin games".

The question is, how to stop it not like unsubscribe, but how to make it painful for them to do spam us?

What are you working on? Any new ideas that you're thinking about?

I'm a solo-founder bootstrapping a SaaS product. Hardest part is not having someone to share the pain with when the fan hit the belt.